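<?php
// Session gate for the admin-account actions that follow. The opening tag must be
// the very first byte of the file: anything emitted before header() and
// session_start() (the UTF-8 BOM this file used to carry, for example) makes both
// calls fail once output buffering is off, and the gate then no longer works.
error_reporting(E_ERROR|E_PARSE);
header("Content-Type:text/html; charset=utf-8");
session_start();
// Read the marker with ?? so a missing key is "not logged in" rather than a notice;
// anything other than the exact marker value is rejected.
if (($_SESSION["islogin"] ?? null) !== 'igiveyouthepower') {
    echo "<script language=JavaScript>\r\n";
    echo "alert('请先登录!');\r\n";
    echo "location.href='../index.php'\r\n";
    echo "</script>";
    // Terminate explicitly so the gate does not rely solely on the else-branch.
    exit;
}else{
// Provides $cfg_dbhost, $cfg_dbuser, $cfg_dbpwd and $cfg_dbname for the DB connection below.
require_once('../config.php');
?>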
<?php 
/**
 * Strips a fixed set of ASCII punctuation characters from a string.
 *
 * Removed characters: / ~ ! @ # $ % ^ & * ( ) _ + { } : < > ? [ ] , . ; ' ` - = \ and |
 * Letters, digits, whitespace, double quotes and non-ASCII text are left untouched.
 * Delegates to preg_replace, so an array argument is cleaned element-wise.
 *
 * @param string|array $strParam value(s) to clean
 * @return string|array|null the cleaned value(s); null only if PCRE reports an error
 */
function replace_specialChar($strParam){
    // One character class instead of an alternation; single-quoted so the only
    // string escapes are \' and \\ and every other backslash reaches PCRE as-is.
    $forbidden = '/[\/~!@#$%^&*()_+{}:<>?\[\],.;\'`\-=\\\\|]/';
    return preg_replace($forbidden, '', $strParam);
}
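/*
 * Admin-account actions (add / edit / del), selected by ?action=.
 *
 * Every request value that reaches SQL is bound through a prepared statement and
 * ids are coerced to int first, so the statement text never contains user input.
 * Each branch ends with the same JS alert-and-redirect the list page expects.
 */

/**
 * Emits the alert-and-redirect snippet used by every branch below.
 *
 * @param string $message alert text; pass only constant strings (it is not escaped for JS)
 * @param string $target  page to redirect to
 */
function ph_admin_notice($message, $target){
    echo "<script language=JavaScript>\r\n";
    echo "alert('".$message."');\r\n";
    echo "location.href='".$target."'\r\n";
    echo "</script>";
}

/**
 * Prepares, binds and executes one data-modifying statement.
 *
 * @param mysqli $db     open connection
 * @param string $sql    statement text with ? placeholders
 * @param string $types  mysqli_stmt_bind_param type string, one character per value
 * @param array  $params values, in placeholder order
 * @return bool true when the statement executed without error
 */
function ph_admin_exec($db, $sql, $types, array $params){
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return false;
    }
    $ok = ($params === [] || mysqli_stmt_bind_param($stmt, $types, ...$params))
        && mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Tells whether an account with exactly this login name already exists.
 *
 * @param mysqli $db
 * @param string $admin login name as submitted
 * @return bool true if at least one row matches; also true when the lookup itself
 *              fails, so a broken lookup can never let a duplicate through
 */
function ph_admin_exists($db, $admin){
    $stmt = mysqli_prepare($db, "select count(*) from ph_admin where admin=?");
    if ($stmt === false) {
        return true;
    }
    $count = 0;
    $ok = mysqli_stmt_bind_param($stmt, 's', $admin)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $count)
        && mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return !$ok || $count >= 1;
}

$conn = mysqli_connect($cfg_dbhost, $cfg_dbuser, $cfg_dbpwd, $cfg_dbname);

$action = $_GET["action"] ?? '';
$id = intval($_GET["id"] ?? 0);
// Bulk-delete ids come as an array of checkbox values. Every entry is forced to int
// and blank entries (intval('') === 0) are dropped, so the IN(...) list below can
// only ever hold integers. A non-array submission is ignored instead of crashing.
$rawIds = $_POST['id'] ?? [];
$delIds = is_array($rawIds) ? array_values(array_filter(array_map('intval', $rawIds))) : [];
$ID_Dele = implode(",", $delIds);
$adminpass = $_POST["adminpass"] ?? '';
$thetype = $_POST["thetype"] ?? '';
$admin = $_POST["admin"] ?? '';
// Quota is submitted in MiB; non-numeric input becomes 0 instead of a TypeError.
$maxhostsizeRaw = $_POST["maxhostsize"] ?? 0;
$maxhostsize = is_numeric($maxhostsizeRaw) ? $maxhostsizeRaw * 1024 * 1024 : 0;
// Strict comparison: only the exact role string unlocks the maxhostsize column.
$isSuper = ($_SESSION["thetype"] ?? '') === "超级管理员";
$parent = $_SESSION["managername"] ?? '';

if ($action === 'add') {
    if (ph_admin_exists($conn, $admin)) {
        // Kept as in the original: the duplicate case redirects to apilist.php,
        // every other outcome goes to list.php.
        ph_admin_notice('该用户已存在!', 'apilist.php');
    } else {
        // NOTE(review): adminpass is stored exactly as submitted; moving to
        // password_hash()/password_verify() requires changing the login check in
        // ../index.php in the same step.
        // NOTE(review): there is no server-side restriction on thetype here, so a
        // non-super admin can submit any role value — confirm whether that is intended.
        if ($isSuper) {
            $ok = ph_admin_exec($conn,
                "INSERT INTO ph_admin(admin,adminpass,thetype,parent,maxhostsize)VALUES(?,?,?,?,?)",
                'sssss', [$admin, $adminpass, $thetype, $parent, (string)$maxhostsize]);
        } else {
            $ok = ph_admin_exec($conn,
                "INSERT INTO ph_admin(admin,adminpass,thetype,parent)VALUES(?,?,?,?)",
                'ssss', [$admin, $adminpass, $thetype, $parent]);
        }
        // Report failure instead of announcing success after a failed statement.
        ph_admin_notice($ok ? '新增成功!' : '操作失败!', 'list.php');
    }
}

if ($action === 'edit') {
    // NOTE(review): edit and del accept any id; nothing here scopes a non-super
    // admin to the rows it created (parent column) — confirm whether list.php is
    // the only intended caller.
    if ($isSuper) {
        $ok = ph_admin_exec($conn,
            "update ph_admin set admin=?,adminpass=?,thetype=?,maxhostsize=? where id=?",
            'ssssi', [$admin, $adminpass, $thetype, (string)$maxhostsize, $id]);
    } else {
        $ok = ph_admin_exec($conn,
            "update ph_admin set admin=?,adminpass=?,thetype=? where id=?",
            'sssi', [$admin, $adminpass, $thetype, $id]);
    }
    ph_admin_notice($ok ? '编辑成功!' : '操作失败!', 'list.php');
}

if ($action === 'del') {
    $ok = true;
    if ($delIds !== []) {
        // One ? per id; ids are already ints, types string is 'i' repeated.
        $placeholders = implode(',', array_fill(0, count($delIds), '?'));
        $ok = ph_admin_exec($conn,
            "delete from ph_admin where id in(".$placeholders.")",
            str_repeat('i', count($delIds)), $delIds);
    }
    if ($id !== 0) {
        $ok = ph_admin_exec($conn, "delete from ph_admin where id=?", 'i', [$id]) && $ok;
    }
    // As before, a request with no id at all still reports success.
    ph_admin_notice($ok ? '删除成功!' : '操作失败!', 'list.php');
}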
?>
<?php }?>